CEH Certified Ethical Hacker Cert Guide Index
Fair Use Source: B09M86B259 (CEHsntos 2022)
Index
A
ACL (access control lists), 513–514
active fingerprinting, 142–144
active sniffing, 314, 316
ad-hoc WLANs, 462
AdMutate, 510
ADS (alternate data streams), 217–218
AES (Advanced Encryption Standard), 548, 550
Agile, 594–595
AI (artificial intelligence), viruses and, 250–251
aircrack-ng, 469
airmon-ng tool, 469
AirSnare, 486–487
AirSnort, 484
AirTraf, 484
Aitel, D., 394
ALE (annualized loss expectancy), 13–14
algorithms, 544
encryption, 545–546
hashing, 571–572
Anderson, J., 495
Android, 451–453
applications, 454
Device Administration API, 453–454
malware, 455
rooting, 455
antivirus, 250, 283, 285
activity blockers, 285
APIs (application programming interfaces), 281, 391
Device Administration, 453–455
documentation, 390–391
fuzzing, 391–392
securing, 392
application layer, session hijacking, 334
browser-based on-path attacks, 337
predictable session Token ID, 334–335
application-level attacks, 345–346
Android, 454–455
containers, 598–600
exploits, 200
Java, 202
StickyKeys, 200–201
ports, 62–63
testing, 24
vulnerabilities, 11
web, 362, 368–369
APTs (advanced persistent threats), 248
architecture, Windows, 164–165
ARIN (American Registry for Internet Numbers), 106
ARO (annual rate of occurrence), 13–14
ARP (Address Resolution Protocol), 59, 78, 316–317
messages, 317
poisoning, 317–318
spoofing, 320
Arpwatch, 330
assets, 9
asymmetric encryption, 544, 546, 551–552
Diffie-Hellman, 552–553
ECC (Elliptic-Curve Cryptography), 553
ElGamal, 553
RSA, 552
Bluejacking, 459
Bluesnarfing, 460
brute-force, 206
bump, 452
client-side, 335–337
cloning, 449
cloud computing, 592–593
cookie manipulation, 385
cryptographic, 558–560
CSRF (cross-site request forgery), 408–409
cyberterrorism, 21
DDoS (distributed denial-of-service), 10, 347–348
deauthentication, 468–471
dictionary, 206
disgruntled employees and, 21
DoS (denial-of-service), 10, 311, 341–343, 380
application-level, 345–346
countermeasures, 350–352
ICMP, 344–345
peer-to-peer, 345
permanent, 346–347
volumetric, 343–344
fragmentation, 480–482
inference, 558–559
IV (initialization vector), 472–473
jamming, 472
KARMA, 481
KRACK (Key Reinstallation AttaCK), 479
obfuscated, 499–500
overlapping fragmentation, 72
parameter tampering, 393, 399
on-path, 318, 335–350, 384
phishing, 20–21
phreakers and, 20
poison apple, 258
preferred network, 472
RFID (radio frequency identification), 461
rubber hose, 560
script kiddies and, 20–21
malvertising, 236–237
motivation techniques, 247
pharming, 235–236
phishing, 235
pretexting, 246–247
shoulder surfing, 248
spear phishing, 237–244
USB baiting, 248
vishing, 245
whaling, 245–246
software crackers/hackers and, 21
starvation, 321
stolen equipment, 24
system crackers/hackers and, 21
tumbling, 449
watering-hole, 52, 202, 260
web, 373
WEP (Wired Equivalent Privacy), 472–474
WPA (Wi-Fi Protected Access), 476–478
against WPA3, 479–480
authentication, 411–412, 543–544
certificate-based, 412
Kerberos, 198, 205
MD5, 412
multifactor, 196
Windows, 203–205
wireless, 485–486
automated exploit tools, 393–395
availability, 8
AWS Lambda, 598
B
backdoors, 54, 257–258, 416
backups, 11–12
banner grabbing, 519–520
using Netcat, 147
using telnet, 146–147
Base64, 562
BeEF (Browser Exploitation Framework), 394
BinText, 287
biometrics, 196–197
black box testing, 14–15
BLE (Bluetooth Low Energy), 604
block cipher, 549
Bluesnarfing, 460
Bluejacking, 459
Bluesnarfing, 460
classifications, 458
versions, 458–459
bogons, 513
botnets, 606–607
countermeasures, 609–611
installation, 609
brute-force attacks, 206, 414
Brutus, 563
buffer overflows, 201–202, 501
bump attacks, 452
Burger, Ralf, 252
Burneye, 264
BYOD (bring your own device), 444, 452–453
C
Caffrey, A., 261
Cain and Abel, 484
Canvas, 394
CartoReso, 150
cell phones, 450–451. See also mobile devices
cloning, 449
forensics, 452
tumbling, 449
CER (crossover error rate), 196
certificate-based authentication, 412
CIA (confidentiality, integrity, and availability) triad, 8–9, 14
availability, 8
confidentiality, 8, 25, 543
integrity, 8, 544
CI/CD (continuous integration/delivery) pipelines, 596–597
cipher-text only attack, 559
circuit gateways, 515
Cisco Smart Install abuse, 524–526
Clark, Z., 19
clickjacking, 409
cloning, 449
cloud computing, 588–589, 591
access control, 590
attacks, 592–593
auditing, 590
CI/CD, 596–597
deployment models, 588–589
encryption and, 591
regulatory requirements, 590
security, 593
serverless computing, 598
training and, 590
arp -a, 318
attribute, 217
Linux, 211
expn, 184
locate, 170–171
rpcinfo -p, 183
vrfy, 184
netstat, 280–281
no vstack, 524
ntpq -pn, 186
passwd encryption, 526
snmp-user-enum, 189–190
VRFY, 188–189
company directories, footprinting and, 104
compliance
PCI-DSS (Payment Card Industry Data Security Standard), 36
regulations and, 34–36
confidentiality, 8, 25
disclosure and, 10
encryption and, 543
containers, 598–599
Docker, 599
images, 600
registries, 599
scanning, 600–601
cookie(s), 414–415
manipulation attacks, 385
UID value, 415
botnet, 609–611
enumeration, 192–193
footprinting, 122
malware, 279–280
Poodlebleed, 560
sniffing, 328–330
spoofing, 328–330
covering tracks, 20, 54, 213–214
covert communication, 268–269
tunneling
ICMP, 270–272
IPv6, 269–270
TCP, 272–273
UDP, 273
via the application layer, 273–274
coWPAtty, 484
cracker(s), 19, 21
cross-site scripting, 400–401
crypters, 265–267
cryptography, 8, 543. See also encryption; steganography
ATBASH, 545
Caesar’s cipher, 545
CSMA/CA (carrier-sense multiple access with collision avoidance), 463
CSRF (cross-site request forgery), 408–409
CVSS (Common Vulnerability Scoring System), 292–295
CWE (Common Weakness Enumeration), 388
cyberterrorism, 21
D
databases, 24
hacking, 421–422
SQL, 422–423
DDoS (distributed denial-of-service) attacks, 10, 32, 347–348, 380
countermeasures, 350–352
tools, 348–350
deauthentication attacks, 468–471
deny all, 52, 78–79
DES (Data Encryption Standard), 548–550, 560
malware, 280–283, 286
sniffers, 329
Device Administration API, 453–455
DevOps, 593, 595–596
DHCP (Dynamic Host Configuration Protocol), 64
snooping, 322–323
dictionary attacks, 206
Diffie-Hellman, 552–553
digital certificate, 553–554, 557
PKI (public key infrastructure), 554–555
digital watermark, 571
disclosure, 10
disgruntled employees, 21
disk encryption, 557
DNS (Domain Name System), 64–65
enumeration, 191–192
footprinting, 112–118
dig and, 117
Nslookup and, 116
SOA (Start of Authority) record, 113
spoofing, 323
zone transfers, 112–116, 118
DNSSEC (Domain Name System Security Extensions), 65
Docker, 599
DOM-based XSS attacks, 404–405
DoS (denial-of-service) attacks, 10, 24, 311, 341–343, 380
application-level, 345–346
countermeasures, 350–352
ICMP, 344–345
peer-to-peer, 345
permanent, 346–347
volumetric, 343–344
droppers, 265, 278
DSSS (direct-sequence spread spectrum), 464
E
EAP (Extensible Authentication Protocol), 485–486
ECC (Elliptic-Curve Cryptography), 553
EC-council approach to incident response, 17–18, 93, 151, 218–219
egress filtering, 352–353
ElGamal, 553
ELSave, 214
email. See also SMTP (Simple Mail Transfer Protocol)
encryption, 557
footprinting, 104, 106–107
phishing, 235
spear phishing, 237–244
Trojans and, 259
Emotet, 254
encryption, 411–412, 543
algorithms, 545–546
asymmetric, 544, 546, 551–552
Diffie-Hellman, 552–553
ECC (Elliptic-Curve Cryptography), 553
ElGamal, 553
RSA, 552
confidentiality and, 543
cracking, 484, 563
digital certificates, 553–554
nonrepudiation and, 544
processing power and, 563
public key, 553
symmetric, 544, 546–547
AES (Advanced Encryption Standard), 550
DES (Data Encryption Standard), 548–550, 560
disadvantages of, 547–548
weak, 561
Base64, 562
Uuencode, 562
encapsulation, 61
enum4linux, 173–176
enumeration, 20, 51–52, 160, 164
countermeasures, 192–193
DNS (Domain Name System), 191–192
banner grabbing, 519–520
firewalking, 518–519
traceroute and, 517
NetBIOS
enum4linux and, 173–176
Hyena and, 177
nbname and, 176–177
nbtscan and, 170
Nmap and, 172–173
NTP, 185–186
commands, 188–190
SMTP (Simple Mail Transfer Protocol), 186–190
SNMP (Simple Network Monitoring Protocol), 177–183
NSE (Nmap Scripting Engine), 179
Netcat, 376–377
Telnet, 375–376
WhatWeb, 375
Httprint, 378–379
NSE scripts, 377
Windows, 164
LDAP, 167–169
NetBIOS, 167–169
RIDs (relative identifiers), 166
SIDs (security identifiers), 165–166
ethical hacking, 19, 31, 34
compliance regulations, 34–36
methodology, 54–55
modes of, 23–24
pen testing, 21–22
reasons for, 26–27
report, 29–30
rules of, 24–25
scope of engagement, 25–26
establishing goals, 28–29
getting approval, 29
report, 29–30
Z. Clark and, 19
Ettercap, 320
European Union, privacy laws, 107
Evan’s Debugger, 286
exploits, 12, 296
application, 200
buffer overflow, 201–202
JAD file, 457
Java, 202
out-of-band technique, 432–433
zero-day, 12
expn command, 184
exploit-db.com, 51–52
assessments, 290
pen testing, 23
F
FAR (false acceptance rate), 196
FHSS (frequency-hopping spread spectrum), 464
finger, 183
fingerprinting, 141
active, 142–144
finding open services, 145–148
operating systems, 141
passive, 141
services, 145
SQL, 430
firewalking, 518–519
firewalls, 491, 511, 519–520
application gateways, 515
bypassing, 520–524
application layer tunneling, 521–522
Internet layer protocols, 520–521
TFTP (Trivial File Transfer Protocol), 523–524
transport layer protocols, 521
circuit gateways, 515
identifying, 516
banner grabbing, 519–520
firewalking, 518–519
traceroute and, 517
NAT (Network Address Translation), 512–513
stateful inspection, 515–516
types of, 512
Flame, 250
footprinting, 20, 93. See also scanning
countermeasures, 122
DNS, 112–118
dig and, 117
zone transfers, 113–116
documentation and, 95
email, 106–107
methodology, 93–95
NDP (Network Discovery Protocol), 116
network, 118
subnetting and, 119–120
traceroute, 120–121
through search engines, 96–101
Shodan, 100–101
through social engineering, 121
through social networking sites, 101–102
through web services and websites, 103–106
email, 104
location information, 104
Whois, 108–111
forensics, 352, 452
forms-based authentication, 412
FPipe, 276
fragAttacks, 480
fragmentation, 70–72, 481–482
FRR (false rejection rate), 196
FTP (File Transfer Protocol), 63–64
full backups, 12
fuzzing, 391–392, 421
G
gaining access, 565
GDPR (General Data Protection Regulation), 26
geolocation, 451
Gilmore, J., 560
GLBA (Gramm-Leach-Bliley Act), 26
Google, 96, 453
crack and compromise the Wi-Fi network, 484
launch wireless attack, 483–484
wireless traffic analysis, 483
Green, J., 261
H
TheHackerGiraffe, 13
hacking, 10, 19, 21
black hat, 19
hacktivists, 32
IoT (Internet of Things), 606
laws
evolution of, 33–34
methodology, 20. See also covering tracks; enumeration; footprinting; maintaining access; privilege escalation; scanning
covering tracks, 54
gaining access, 52–53
reconnaissance and footprinting, 50–51
scanning and enumeration, 51–52
suicide, 19
hard-coded credentials, 389
Hashcat, 207–209, 563
hashing, 8, 571–572
heap spraying, 202
Heartbleed, 565
hiding files, 213–214
hierarchical trust, 556
high-level assessment/audit, 16
HIPAA (Health Insurance Portability and Accountability Act), 26
honeypots, 491, 526–528
detecting, 529–530
types of, 528–529
host-based IDS (intrusion detection system), 495
HTTP (Hypertext Transfer Protocol), 66, 366–369, 371–373, 414
proxies, 372
responses, 369
requests, 369
URLs and, 370–371
Hyena, 177
I
IANA (Internet Assigned Numbers Authority), 106, 108
ICANN (Internet Corporation for Assigned Names and Numbers), 108
ICMP (Internet Control Message Protocol), 69
attacks, 344–345
tunneling, 270–272
IDA Pro, 286
IDS (intrusion detection system), 51–52, 350, 486–487, 490
anomaly detection, 499–502
components, 495
flooding, 507
session splicing, 508
signatures, 498
stateful, 498
responses, 496, 499
Snort, 502, 510
keywords, 503
rules, 502–505
Squert and, 505
tuning, 496–497
weaknesses, 501
IM (instant messaging), Trojans and, 259
impersonation, 246–247. See also pretexting
incident response, 17–18
incremental backups, 12
inference-based assessments, 291
information gathering, 23, 50–51, 95. See also footprinting; reconnaissance
InSpy, 102
INSTEON, 605
integrity, 8, 544
assessments, 290
pen testing, 24
IOC (indicator of compromise), 18
iOS, 455–456
IoT (Internet of Things), 449, 601–604
hacking, 606
protocols, 604–605
IPv4/IPv6, 69–70
converting addresses to binary, 523
fragmentation, 70–72
tunneling, 269–270
IPC$ (InterProcess Communication), 168
IPS (intrusion prevention system), 490, 502
IPsec, 191, 564
IRC (Internet Relay chat), 259, 607
IV (initialization vector) attacks, 472–473
J
JAD (Java Application Descriptor) files, 457
jamming, 472
John the Ripper, 212–213, 563
K
Kanban, 595
KerbCrack, 198
Kerberos, 198, 205
keyloggers, 198–199, 276–277
hardware, 277
software, 277–278
Kismet, 484, 487
Kocher, P., 560
KRACK (Key Reinstallation AttaCK) attacks, 479
Kubernetes, 55
L
LAN Turtle, 565
LDAP, enumeration, 167–169
LKM (loadable kernel module), 215
Linux, 151, 382
Arpwatch, 330
commands, 211
expn, 184
rpcinfo -p, 183
vrfy, 184
enumeration, 183–185
Nmap, 131
rootkits, 214–216
salts, 211–212
Security Onion Distribution, 505–506
traceroute, 74–75
LM (LAN Manager), 203–205
location, information gathering and, 104
clearing, 214
LoRaWAN (Long Range Wide Area Network), 605
LRWPAN (Low Rate Wireless Personal Area Networks), 605
LSASS (Local Security Authority Server Service), 167
M
MAC (media access control), 59, 77–78
flooding, 320–321
spoofing, 323
MacOS, privilege escalation, 200
maintaining access, 20, 203
Maltego, 99
malvertising, 236–237
malware, 10, 248. See also virus(es)
analysis, 286
dynamic, 288–290
static, 286–288
countermeasures, 279–280
detecting, 280–283, 286
Emotet, 254
Flame, 250
mobile devices and, 451
transmission methods, 249–251
man-in-the-middle attack, 559
MD5, 412
Melissa virus, 253
Meltdown, 199
Mendax, 510
ARP, 317
HTTP, 370
Metasploit, 176–177, 393
ethical hacking, 54–55
footprinting, 93–95
hacking, 20. See also covering tracks; enumeration; footprinting; maintaining access; privilege escalation; scanning
covering tracks, 54
gaining access, 52–53
reconnaissance and footprinting, 50–51
scanning and enumeration, 51–52
information security systems and the stack, 57
MITRE ATT&CK framework, 218–219
NIST SP 800-115, 56
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), 56
OSSTMM (Open-Source Security Testing Methodology Manual), 56–57
Agile, 594–595
DevOps, 595–596
waterfall, 594
MFA (multifactor authentication), 196
MFP (Management Frame Protection), 471
Microsoft, 19
Mimikatz, 197–198
misconfiguration, web server, 384–385
MITRE ATT&CK framework, 18, 51, 94–95, 218–219
mobile devices, 449. See also wireless communication
Android, 451–455
bump attacks, 452
data exfiltration, 451
geolocation, 451
iOS, 455–456
malware, 451
platforms, 452–453
tumbling, 449
Windows Mobile Operating System, 456
Mognet, 482–483
money mule, 609
Moore's Law, 548
Morris, R., 253
moving laterally, 20
MP3Stego, 568
multipartite viruses, 250
N
NAT (Network Address Translation), 512–513
nbname, 176–177
nbtscan, 170
NDA (nondisclosure agreement), 25
NDP (Network Discovery Protocol), 69–70
Nessus, 511
NetBIOS, enumeration, 167–169
enum4linux and, 173–176
Hyena and, 177
nbname and, 176–177
nbtscan and, 170
Nmap and, 172–173
tools, 169–177
Netcat, 275
banner grabbing, 147
web server enumeration, 376–377
netstat, 280–281
NetStumbler, 482
evaluation, 17
footprinting, 118
subnetting and, 119–120
traceroute, 120–121
network-based IDS (intrusion detection system), 495
detection methodologies, 496
NFS (Network File System), 184
NIDSbench, 511
Nikto, 148
Nimda worm, 253–254, 383
NIST (National Institute of Standards and Technology), 548
SP 800–31, 56
SP 800–145, 588
NLog, 150
Nmap, 131–139, 384
active fingerprinting, 143–144
NetBIOS enumeration, 172–173
NSE scripts, 135–136, 314–315
performing a three-step connection, 136–137
switches, 131–134
nonrepudiation, 544
nontechnical password attacks, 193–194
NSE (Nmap Scripting Engine), 135–136, 179, 377
Nslookup, 112–113, 116
NTLM, 203–205
NTP (Network Time Protocol), enumeration, 185–186
ntpq -pn command, 186
O
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), 56
OFDM (orthogonal frequency-division multiplexing), 464
OllyDbg, 287
Omnipeek, 483
open services, finding, 145–148
OpenVAS, 52
fingerprinting, 141
vulnerabilities, 11
Ophcrack, 209
OSA (Open System Authentication), 478–479
application layer, 58
presentation layer, 58
OSSTMM (Open-Source Security Testing Methodology Manual), 56–57
overlapping fragmentation attack, 72
OWASP, 389, 392, 406
Clickjacking Defense Cheat Sheet, 409
Cross-Site Scripting Prevention Cheat Sheet, 406–407
P
packers, 265
passive fingerprinting, 141
passive sniffing, 315–316
passwd encryption command, 526
nontechnical, 193–194
technical, 194–195
Linux, 209–213
web application, 412–413
web server, 386
Windows, 205–209
guessing, 195–197
salts, 211–212
sniffing, 197–198
patch management, 351, 395
on-path attacks, 318, 335–350, 384
PCI-DSS (Payment Card Industry Data Security Standard), 36
peer-to-peer attacks, 345
pen testing, 2, 17, 21–22
external, 23
internal, 24
confidentiality and, 30
sections, 30
permanent DoS attacks, 346–347
pharming, 235–236
phishing, 20–21, 235, 237–244. See also spear phishing
phreakers, 20
Piessens, M., 479
ping, 123–124
PKI (public key infrastructure), 554–555
policies, 17
Poodlebleed, 560
port(s), 62–63, 67–68
knocking, 140
redirection, 274–276
scanning, 124–131, 191, 517
closed, 129–131
open, 128–129
TCP, 126–127
tools, 131–140
UDP, 131, 137
security, 328–329
spanning, 314
TCP, 125, 167, 187
Trojans and, 257–258
PPTP (Point-to-Point Tunneling Protocol), 564
preparing for the exam, 620–621
pretexting, 246–247
principle of least privilege, 63
privilege escalation, 53, 199–200, 202
MacOS and, 200
programming, buffer overflows, 201–202, 410–411
protocol-decoding IDS (intrusion detection system), 499
enumeration techniques, 191
IoT (Internet of Things), 604–605
security, 563–565
stateless, 366
public key encryption, 553
PWdump, 205–206
Q
qualitative risk assessment, 13
quantitative risk assessment, 13–14
R
race credentials, 389–390
RATs, 261–263
Reaver, 481
reconnaissance, 20, 50, 51. See also footprinting
red teaming, 17
reflected XSS attacks, 401–402
regulations, compliance and, 34–36
2613, 314
2827, 351
3704, 351
RFID (radio frequency identification) attacks, 461
RIDs (relative identifiers), 166
Rijndael, 550
rings of protection, 164
RIRs (Regional Internet Registries), 108
risk, 9
assessment, 13–14
qualitative, 13–14
assets, 9
backups and, 11–12
IOC (indicator of compromise), 18
residual, 9
threats, 9–10, 18
vulnerabilities, 11
RMF (Risk Management Framework), 9
Robin Sage, 102
Ronen, E., 480
rooting, 455
rootkits, 2, 53, 214–216
RSA, 552
rubber hose attack, 560
rules, of ethical hacking, 24–25
Ryan, T., 102
S
salts, 211–212
SAM (Security Account Manager), 166, 203
sandbox, 287, 452, 454
Sasser worm, 254
scanning, 20, 51–52. See also port scanning
application-level, 420–421
for competitive intelligence, 102
containers, 600–601
port and service discovery, 124–131
vulnerability, 296–297
web server, 374
zombie, 128
script kiddies, 20–21
client-side attacks and, 336–337
NSE (Nmap Scripting Engine) 135–136, 179, 377
Scrum, 595
CIA (confidentiality, integrity, and availability) triad, 8–9
availability, 8
confidentiality, 8
integrity, 8
cloud computing, 593
goals of, 8–9
policies, 17
protocols, 563–565
testing, 14. See also ethical hacking
full-knowledge, 15
high-level assessment/audit, 16
network evaluation, 17
no-knowledge, 14–15
partial-knowledge, 15
pen test, 17
physical, 24
types of, 15–17
usability and, 7
Windows, 166–167
Security and Exchange Commission, EDGAR database, 105–106
serverless computing, 598
AWS Lambda, 598
service rsyslog stop command, 213
fingerprinting, 145
open, finding, 145–148
session hijacking, 58, 311, 330
application layer, 334
browser-based on-path attacks, 337
predictable session Token ID, 334–335
preventing, 341
tools, 338–340
identify and find an active session, 331
predict the sequence number, 332–333
take control of the session, 333
take one of the parties offline, 333
Shellshock, 97
Shodan, 100–101
shoulder surfing, 248
SIDs (security identifiers), 165–166
site rippers, 378
SLA (service-level agreement), 591
Slammer worm, 254
SLE (single loss expectancy), 13–14
SMAC, 323
SMTP (Simple Mail Transfer Protocol), 64
enumeration, 186–190
commands, 188–190
open relay, 187–188
sniffers, 314–315, 328
active, 314, 316
countermeasures, 328–330
detecting, 329
filters, 326–327
passive, 315–316
password, 197–198
session, 334
Wireshark, 61, 324–328, 368
SNMP (Simple Network Monitoring Protocol), 64
enumeration, 177–183
NSE (Nmap Scripting Engine), 179
snmp-user-enum command, 189–190
Snort, 502, 510
keywords, 503, 509
rules, 502–505
Squert and, 505
Snow, 568
social engineering, 24, 51, 228, 234–235
footprinting and, 121
malvertising, 236–237
motivation techniques, 247
pharming, 235–236
phishing, 235
pretexting, 246–247
shoulder surfing, 248
spear phishing, 237–244
USB baiting, 248
vishing, 245
whaling, 245–246
dangers of, 102
footprinting and, 101–102
software, 11
Agile, 594–595
CI/CD (continuous integration/delivery) pipelines, 596–597
DevOps, 595–596
Scrum and, 595
waterfall methodology, 594
SolarWinds supply chain attack, 257
SOX (Sarbanes-Oxley), 26
Spam Mimic, 569
spanning, 314
spear phishing, 237–244
Spectre, 199
spoofing, 74, 330, 543–544
ARP, 320
cell tower, 452
countermeasures, 328–330
DNS, 323–324
MAC, 323
spread-spectrum technology, 464
out-of-band technique, 432–433
fingerprinting, 430
injection, 425–429
mitigations, 434–435
time-delay, 433–434
statements, 422–425
Squert, 505
SSID (service set identifier), 469
SSL (Secure Sockets Layer), 564–565
starvation attack, 321
stateful inspection firewalls, 515–516
steganalysis, 571
steganography, 566
carriers, 566–567
digital watermarks, 571
filtering, 567
laser printers and, 570
masking, 567
sound files, 567
tools, 568–570
transformation, 567
types of, 566
StickyKeys, 200
subnetting, 119–120
suicide hackers, 19
symmetric encryption, 544, 546–547
AES (Advanced Encryption Standard), 550
DES (Data Encryption Standard), 548–550, 560
disadvantages of, 547–548
system cracking/hacking, 21, 160, 193
automated password guessing, 197
nontechnical password attacks, 193–194
password guessing, 195–197
privilege escalation, 199–200
technical password attacks, 194–195
T
TCP (Transmission Control Protocol), 66–67
flags, 66–68, 126
ports, 67–68, 125, 167, 187
tunneling, 272–273
TCP/IP (Transmission Control Protocol/Internet Protocol), 60–61
application layer, 62–66
port-scanning techniques, 126–127
TCSEC (Trusted Computer System Evaluation Criteria), 268
technical password attacks, 194–195
Telnet, 64, 146–147
banner grabbing, 519–520
web server enumeration, 375–376
TFTP (Trivial File Transfer Protocol), 66, 523–524
threats, 9–10, 18
throttling, 350
Tini, 261
TOE (target of evaluation), 14
tools, 30, 68. See also commands
AdMutate, 510
aircrack-ng, 469
airmon-ng, 469
airodump-ng, 469–470
AirSnare, 486–487
AirSnort, 484
AirTraf, 484
BeEF (Browser Exploitation Framework), 394
Brutus, 563
Cain and Abel, 484
Canvas, 394
CartoReso, 150
coWPAtty, 484
DDoS, 348–350
ELSave, 214
enum4linux, 173–176
Ettercap, 320
finger, 183
FPipe, 276
Google Hacking Database, 98–99
Hashcat, 207–209, 563
IDS (intrusion detection system)
flooding and, 507
session splicing, 508
InSpy, 102
John the Ripper, 212–213, 563
KerbCrack, 198
Kismet, 484, 487
Maltego, 99
Meltdown, 199
Mendax, 510
Metasploit, 393
nbname, 176–177
Mimikatz, 197–198
nbtscan, 170
Nessus, 511
Netcat, 147, 275
web server enumeration, 376–377
NIDSbench, 511
Nikto, 148
NLog, 150
Nmap, 131–139, 384
NSE scripts, 135–136
performing a three-step connection, 136–137
Nslookup, 112–113, 116
Ophcrack, 209
ping, 123–124
PWdump, 205–206
RATs, 261–263
rpcinfo -p, 183
Reaver, 481
rootkits, 214–216
session hijacking, 338–340
Shodan, 100–101
site rippers, 378
SMAC, 323
sniffers, 328
countermeasures, 328–330
filters, 326–327
Wireshark, 61, 281–282, 324–328, 368
snmp-check, 179–183
Snort, 502, 510
keywords, 503, 509
rules, 502–503
Squert and, 505
Spectre, 199
SQL injection hacking, 435–436
steganographic, 567–570
telnet, 146–147
Tini, 261
traceroute, 74–76, 120–121, 149, 517
“What’s that site running?”, 103
WhatWeb, 375
whatweb, 148
Whois, 108–111
traceroute, 74–76, 120–121, 149, 517
identify and find an active session, 331
predict the sequence number, 332–333
take control of the session, 333
take one of the parties offline, 333
tree-based assessments, 291
Triludan the Warrior, 33
Trojans, 255–256
banking, 608
distributing, 263–264
crypters, 265–267
droppers, 265
packers, 265
wrappers, 264–265
effects of, 260–261
goals of, 258–259
ports and communication methods, 257–258
processes and, 280
tools
RATs, 261–263
Tini, 261
types of, 256–257
trust, 555
hierarchical, 556
web of, 557
TTPs (tactics, techniques, and procedures), 18
tumbling, 449
tunneling
ICMP, 270–272
IPv6, 269–270
TCP, 272–273
UDP, 273
via the application layer, 273–274
U
UDP (User Datagram Protocol), 68
tunneling, 273
Unicode, 383–384
Computer Fraud and Abuse Act (1984), 33–34
Cyber Security Enhancement Act (2002), 34
Economic Espionage Act (1996), 34
Electronic Communications Privacy Act, 33
Federal Information and Security Management Act (FISMA, 2002), 34
Federal Sentencing Guidelines of 1991, 34
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act, 34
UNIX, enumeration, 183–185
UPX, 287
URLs, 103, 370–371, 523
encoding, 382–383
obfuscation, 415–417
USB baiting, 248, 258
Uuencode, 562
V
Vanhoef, M., 479–480
Virdem, 252
virus(es), 10, 248–249
AI and, 250–251
anti-detection routine, 251
Brain, 252
cluster, 250
history of, 252–253
infection routine, 251
macro, 250
multipartite, 250
propagation, 253–255
search routine, 251
transmission methods, 249–251
trigger routine, 251
vishing, 245
VRFY command, 188–189
vrfy command, 184
vulnerability(ies), 11, 145–146
analysis, 290
external vs. internal assessments, 290–291
passive vs. active assessments, 290
solutions, 291
tree-based vs. inference-based assessments, 291–292
exploits and, 296
scanners, 52, 296–297
Nikto, 148
CVSS (Common Vulnerability Scoring System), 292–295
web application, cross-site scripting, 400–401
web server, 379, 386–388
hard-coded credentials, 389
race credentials, 389–390
W
WannaCry, 267
waterfall methodology, 594
watering-hole attack, 52, 202, 260
weak encryption, 561
Base64, 562
Uuencode, 562
attacking, 398, 410–411
DOM-based XSS attacks, 404–405
parameter tampering, 399
reflected XSS attacks, 401–402
buffer overflows, 410–411
clickjacking, 409
cookies, 414–415
cross-site scripting, 400–401
CSRF attacks, 408–409
OWASP Cross-Site Scripting Prevention Cheat Sheet, 406–407
securing, 419–421
URL obfuscation, 415–417
XSS evasion techniques, 405–406
Trojans and, 259–260
web servers, 366
attacking, 380
automated exploit tools, 393–395
DNS server hijacking and amplification attacks, 380–382
disable unwanted services, 396
Netcat, 376–377
Telnet, 375–376
WhatWeb, 375
file system, 396
hardening, 395
logging and, 396
misconfiguration, 384–385
patch management, 395
scanning, 374
vulnerabilities, 386–388
hard-coded credentials, 389
race credentials, 389–390
vulnerability identification, 379
vulnerability scanning, 397–398
WebGoat, 425
data aggregation brokerage, 106–107
defacement, 384
Httprint, 378–379
NSE scripts, 377
exploit-db.com, 51–52
financial information, 106
footprinting and, 103–106
Google Hacking Database, 98–99
keeping up with current vulnerabilities, 30–31
w3schools.com, 370, 423
Zabasearch, 107
WebSploit, 151
WEP (Wired Equivalent Privacy), 445, 464–466
attacking, 472–474
XORing, 465
whaling, 245–246
WhatWeb, 375
whatweb, banner grabbing, 148
Whois, 108–111
Wi-Fi, 461–462
IoT and, 605
Windows. See also NetBIOS
architecture, 164–165
authentication, 203–205
enumeration, 164
IPC$ (InterProcess Communication) and, 168
NetBIOS, 167–177
LSASS (Local Security Authority Server Service), 167
Mobile Operating System, 456
brute-force attacks, 206
dictionary attacks, 206
Hashcat, 207–209
Ophcrack, 209
PWdump, 205–206
tools, 206–207
RIDs (relative identifiers), 166
SAM (Security Account Manager), 166
security, 166–167
SIDs (security identifiers), 165–166
StickyKeys, 200
wireless communication, 24, 444. See also WLANs
authentication, 485–486
Bluetooth, 458, 460
classifications, 458
versions, 458–459
CSMA/CA (carrier-sense multiple access with collision avoidance), 463
IDS (intrusion detection system), 486–487
jamming, 472
RFID (radio frequency identification) attacks, 461
spread-spectrum technology, 464
Wi-Fi, 461–462
WLANs, 462
ad-hoc, 462
infrastructure, 462–463
standards, 463–464
Wireshark, 61, 281–282, 324–328, 368
WLANs, 462
ad-hoc, 462
attacking the preferred network lists, 472
deauthentication attacks, 468–471
fragAttacks, 480
fragmentation attacks, 481–482
infrastructure, 462–463
KRACK (Key Reinstallation AttaCK) attacks, 479
MFP (Management Frame Protection), 471
OSA (Open System Authentication), 478–479
WEP (Wired Equivalent Privacy), 464–466
WPA (Wi-Fi Protected Access), 466–467
standards, 463–464
WPA3, attacks against, 479–480
WPS (Wi-Fi Protected Setup), 481
worms, 253
Conficker, 254
Nimda, 253–254, 383
Sasser, 254
Slammer, 254
Storm, 254
WPA (Wi-Fi Protected Access), 445, 466–467
attacking, 474–478
WPA3, attacks against, 479–480
WPS (Wi-Fi Protected Setup), 480–481
wrappers, 264–265
X
X.509, 554–555
XOR (exclusive ORing), 411–412, 561
WEP and, 465
Xprobe2, 144
XSS (cross-site scripting), 400–404
mitigations, 406–408
preventing, 407–408
Y
Z
Zabasearch, 107
zero-day exploit, 12
Zigbee, 604
zombie scan, 128
zone transfers, 112–116, 118
Z-Wave, 604–605
Google Cloud Bigtable Security, Amazon QLDB Security, Hypertable Security, ApsaraDB for Redis Security, Pivotal Greenplum Security, MapR Database Security, Informatica Security, Microsoft Access Security, Tarantool Security, Blazegraph Security, NeoDatis Security, FileMaker Security, ArangoDB Security, RavenDB Security, AllegroGraph Security, Alibaba Cloud ApsaraDB for PolarDB Security, DuckDB Security, Starcounter Security, EventStore Security, ObjectDB Security, Alibaba Cloud AnalyticDB for PostgreSQL Security, Akumuli Security, Google Cloud Datastore Security, Skytable Security, NCache Security, FaunaDB Security, OpenEdge Security, Amazon DocumentDB Security, HyperGraphDB Security, Citus Data Security, Objectivity/DB). Database drivers (JDBC Security, ODBC), ORM (Hibernate Security, Microsoft Entity Framework), SQL Operators and Functions Security, Database IDEs (JetBrains DataSpell Security, SQL Server Management Studio Security, MySQL Workbench Security, Oracle SQL Developer Security, SQLiteStudio),
Programming Language Security ((1. Python Security, 2. JavaScript Security, 3. Java Security, 4. C# Security, 5. C++ Security, 6. PHP Security, 7. TypeScript Security, 8. Ruby Security, 9. C Security, 10. Swift Security, 11. R Security, 12. Objective-C Security, 13. Scala Security, 14. Golang Security, 15. Kotlin Security, 16. Rust Security, 17. Dart Security, 18. Lua Security, 19. Perl Security, 20. Haskell Security, 21. Julia Security, 22. Clojure Security, 23. Elixir Security, 24. F# Security, 25. Assembly Language Security, 26. Shell Script Security / bash Security, 27. SQL Security, 28. Groovy Security, 29. PowerShell Security, 30. MATLAB Security, 31. VBA Security, 32. Racket Security, 33. Scheme Security, 34. Prolog Security, 35. Erlang Security, 36. Ada Security, 37. Fortran Security, 38. COBOL Security, 39. Lua Security, 40. VB.NET Security, 41. Lisp Security, 42. SAS Security, 43. D Security, 44. LabVIEW Security, 45. PL/SQL Security, 46. Delphi/Object Pascal Security, 47. ColdFusion Security, 49. CLIST Security, 50. REXX);
OS Security, Mobile Security: Android Security - Kotlin Security - Java Security, iOS Security - Swift Security; Windows Security - Windows Server Security, Linux Security (Ubuntu Security, Debian Security, RHEL Security, Fedora Security), UNIX Security (FreeBSD Security), IBM z Mainframe Security (RACF Security), Passwords (Windows Passwords, Linux Passwords, FreeBSD Passwords, Android Passwords, iOS Passwords, macOS Passwords, IBM z/OS Passwords), Passkeys, Hacking (Ethical Hacking, White Hat, Black Hat, Grey Hat), Pentesting (Red Team - Blue Team - Purple Team), Cybersecurity Certifications (CEH, GIAC, CISM, CompTIA Security Plus, CISSP), Mitre Framework, Common Vulnerabilities and Exposures (CVE), Cybersecurity Bibliography, Cybersecurity Courses, Firewalls, CI/CD Security (GitHub Actions Security, Azure DevOps Security, Jenkins Security, Circle CI Security), Functional Programming and Cybersecurity, Cybersecurity and Concurrency, Cybersecurity and Data Science - Cybersecurity and Databases, Cybersecurity and Machine Learning, Cybersecurity Glossary (RFC 4949 Internet Security Glossary), Awesome Cybersecurity, Cybersecurity GitHub, Cybersecurity Topics (navbar_security - see also navbar_aws_security, navbar_azure_security, navbar_gcp_security, navbar_k8s_security, navbar_docker_security, navbar_podman_security, navbar_mainframe_security, navbar_ibm_cloud_security, navbar_oracle_cloud_security, navbar_database_security, navbar_windows_security, navbar_linux_security, navbar_macos_security, navbar_android_security, navbar_ios_security, navbar_os_security, navbar_firewalls, navbar_encryption, navbar_passwords, navbar_iam, navbar_pentesting, navbar_privacy)
© 1994 - 2024 Cloud Monk Losang Jinpa or Fair Use. Disclaimers
SYI LU SENG E MU CHYWE YE. NAN. WEI LA YE. WEI LA YE. SA WA HE.